Windows 7 and Server 2008 Blocks by Default
Windows 7 and Server 2008 are built by default to block the installation of software (and other administrative tasks) and to block communication to and from the server. There are a few adjustments which must be made in order to change this behavior.
1. There is an added control of user accounts in these operating systems called User Account Control. User Account Control will block the installation of software for any user except THE Administrator. This includes any other user even if part of the administrator’s group. And the software may appear to install correctly, but it is not installed correctly. If installed by THE Administrator the software will correctly install but any other user will not be able to run the software.
FIX: User Account Control must be turned off using a vertical slider bar. This control is found in the User Accounts applet in the Control Panel. There is a link for User Account Control. Move the slider bar to the bottom and this will turn off the feature.
2. In Server 2008 especially, there are 3 firewalls in some of our servers. There is a Domain, Public, and Private firewall. All three may need to be turned off in order for communication between the server and clients to operate. If not turned off, then exceptions must be applied for the security applications.
FIX: Use the Firewall applet in Control Panel to control the Firewalls.
3. ICMP is a common network protocol. It is used when the PING command is executed to determine network connectivity. Server 2008 turns off ICMP. So even when the network is fine, you may not be able to ping the server. We have actually blamed the customer’s network for blocking communication and this was not true. Other needed protocols are also turned off, like HTTP.
FIX: This is also found in the firewall settings and policies. Server 2008 provides an interface almost like a hardware based firewall where you can open or close inbound or outbound HTTP traffic. Adjust these settings for your particular application. But at least turn on ICMP in the server before
No comments:
Post a Comment